Example #1
    def test_success(self):
        """A logged-in user can delete their own account once they confirm."""
        self.add_user_root()
        Session.add(self.makeUser('thruflo', 'Password'))
        self.authenticate()

        # GET must only render the confirmation prompt: the state change is
        # expected on POST alone, so nothing may be removed at this point.
        confirm_page = self.app.get('/users/thruflo/delete_user')
        self.assertTrue('Are you really sure' in confirm_page.body)
        self.assertTrue(get_existing_user(username='******') is not None)

        # POST carries out the deletion.
        response = self.app.post('/users/thruflo/delete_user')
        self.assertTrue(get_existing_user(username='******') is None)

        # NOTE(review): header length is used as a proxy for "logged out";
        # presumably a cleared auth cookie is short. Asserting on the cookie's
        # name/value would be less brittle than the magic number 200.
        cookie_header = response.headers['Set-Cookie']
        self.assertTrue(len(cookie_header) < 200)
    def test_success(self):
        """Self-service deletion: confirm via GET, then delete via POST."""
        self.add_user_root()

        account = self.makeUser('thruflo', 'Password')
        Session.add(account)
        self.authenticate()

        # Step 1: the GET request shows the "are you sure" page and must not
        # delete anything by itself.
        prompt = self.app.get('/users/thruflo/delete_user')
        self.assertTrue('Are you really sure' in prompt.body)
        still_there = get_existing_user(username='******')
        self.assertTrue(still_there is not None)

        # Step 2: the POST request is what actually removes the account.
        outcome = self.app.post('/users/thruflo/delete_user')
        after_delete = get_existing_user(username='******')
        self.assertTrue(after_delete is None)

        # The session should end with the account.
        # NOTE(review): this infers logout from the Set-Cookie length only;
        # confirm the threshold against the auth cookie actually issued.
        self.assertTrue(len(outcome.headers['Set-Cookie']) < 200)
Example #3
    def test_signup(self):
        """Posting the signup form creates a user with the given email."""

        # Precondition: the username is not taken yet.
        self.assertTrue(get_existing_user(username="******") is None)

        # Submit the form; a 302 redirect is the expected success response.
        form = {
            "username": "******",
            "email": "*****@*****.**",
            "password": "******",
            "confirm": "Password",
        }
        response = self.app.post("/auth/signup", form, status=302)
        assert response  # to satisfy pyflakes

        # The account now exists and carries the submitted address.
        # NOTE(review): nothing here checks how the password was stored.
        created = get_existing_user(username="******")
        self.assertTrue(created is not None)
        self.assertTrue(created.emails[0].address == "*****@*****.**")
Example #4
    def test_signup(self):
        """Posting the signup form creates a user with the given email."""

        # Precondition: the username is not taken yet.
        self.assertTrue(get_existing_user(username='******') is None)

        # Submit the form; a 302 redirect is the expected success response.
        form = dict(
            username='******',
            email='*****@*****.**',
            password='******',
            confirm='Password',
        )
        response = self.app.post('/auth/signup', form, status=302)
        assert response  # to satisfy pyflakes

        # The account now exists and carries the submitted address.
        # NOTE(review): nothing here checks how the password was stored.
        created = get_existing_user(username='******')
        self.assertTrue(created is not None)
        first_email = created.emails[0]
        self.assertTrue(first_email.address == '*****@*****.**')
    def test_signup(self):
        """A successful signup persists the user and their email address."""

        # Sanity check: no account with this username before signing up.
        before = get_existing_user(username='******')
        self.assertTrue(before is None)

        # Sign up; the endpoint is expected to answer with a redirect (302).
        signup_fields = {
            'username': '******',
            'email': '*****@*****.**',
            'password': '******',
            'confirm': 'Password',
        }
        reply = self.app.post('/auth/signup', signup_fields, status=302)
        assert reply  # to satisfy pyflakes

        # The user can now be found, with the email address that was posted.
        after = get_existing_user(username='******')
        self.assertTrue(after is not None)
        self.assertTrue(after.emails[0].address == '*****@*****.**')
Example #6
    def test_success(self):
        """User can NOT delete itself. We have rules for what delete means."""
        self.add_user_root()
        Session.add(self.makeUser('thruflo', 'Password'))
        self.authenticate()

        # The delete endpoint is expected to answer 404 even for the
        # authenticated owner of the account; the response is not inspected
        # beyond its status code.
        self.app.post('/users/thruflo/delete_user', status=404)

        # The account must still be present afterwards.
        survivor = get_existing_user(username='******')
        self.assertIsNotNone(survivor)
Example #7
    def test_other_user(self):
        """A non-admin user is refused when deleting someone else's account."""
        self.add_user_root()

        # Target account.
        # NOTE(review): unlike the requester below, this user is not passed
        # to model.save here; presumably makeUser persists it. Confirm,
        # otherwise the "not deleted" check below could not fail usefully.
        self.makeUser('alice', 'Password')

        # Requesting account: an ordinary user with no extra roles.
        requester = self.makeUser('bob', 'Password')
        model.save(requester)
        transaction.commit()
        self.authenticate(username='******', password='******')

        # The server must reject the cross-account delete with 403.
        response = self.app.post('/users/alice/delete_user', status=403)

        # The target still exists.
        target = get_existing_user(username='******')
        self.assertTrue(target is not None)

        # The requester keeps their session.
        # NOTE(review): inferred from Set-Cookie length only (> 250).
        cookie_header = response.headers['Set-Cookie']
        self.assertTrue(len(cookie_header) > 250)
    def test_other_user(self):
        """Deleting another user's account without the admin role gives 403."""
        self.add_user_root()

        # The account somebody else will try to delete.
        self.makeUser('alice', 'Password')

        # Log in as a different, unprivileged user.
        other = self.makeUser('bob', 'Password')
        model.save(other)
        transaction.commit()
        self.authenticate(username='******', password='******')

        # Authorization is checked on the server: expect 403 Forbidden.
        denied = self.app.post('/users/alice/delete_user', status=403)

        # Nothing was deleted.
        self.assertTrue(get_existing_user(username='******') is not None)

        # The caller's session is left intact.
        # NOTE(review): a long Set-Cookie header is treated as "still logged
        # in"; the 250 threshold is not explained in this test.
        self.assertTrue(len(denied.headers['Set-Cookie']) > 250)
Example #9
    def test_admin(self):
        """A user holding the admin role may delete any other account."""
        self.add_user_root()

        # Target account.
        self.makeUser('alice', 'Password')

        # Requesting account, granted the 'admin' role before being saved.
        admin = self.makeUser('admin', 'Password')
        admin_role = model.Role(name='admin')
        admin.roles.append(admin_role)
        model.save(admin)
        transaction.commit()
        self.authenticate(username='******', password='******')

        # No status is passed, so the test app's default status check applies.
        response = self.app.post('/users/alice/delete_user')

        # The target is gone.
        self.assertTrue(get_existing_user(username='******') is None)

        # The admin's own session must survive deleting someone else.
        # NOTE(review): inferred from Set-Cookie length only (> 250).
        cookie_header = response.headers['Set-Cookie']
        self.assertTrue(len(cookie_header) > 250)
    def test_admin(self):
        """Admins can delete accounts that are not their own."""
        self.add_user_root()

        # The account to be removed.
        self.makeUser('alice', 'Password')

        # Build the privileged caller: the role is attached, then persisted.
        privileged = self.makeUser('admin', 'Password')
        privileged.roles.append(model.Role(name='admin'))
        model.save(privileged)
        transaction.commit()
        self.authenticate(username='******', password='******')

        # Perform the deletion as the admin.
        outcome = self.app.post('/users/alice/delete_user')

        # The account no longer resolves.
        remaining = get_existing_user(username='******')
        self.assertTrue(remaining is None)

        # Deleting another user must not end the admin's session.
        # NOTE(review): header length is the only signal checked here.
        self.assertTrue(len(outcome.headers['Set-Cookie']) > 250)
Example #11
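def get_operator_user(request, registry=None):
    """Return the special "operator" user for the site this process serves.

    The operator is the account that should receive e-mails aimed at the
    website / administration. Its username is chosen from the
    ``INI_site__title`` environment variable, compared case-insensitively.

    Args:
        request: Used for ``request.registry.settings`` when no ``registry``
            is passed.
        registry: Optional registry; when given, ``request`` is not touched.

    Returns:
        Whatever ``get_existing_user`` returns for the operator username.

    Raises:
        Exception: If the site title is unset or not one of the known sites.
    """
    # Identity test: ``== None`` would defer to a custom ``__eq__`` on the
    # registry object and could send us down the wrong branch.
    if registry is None:
        settings = request.registry.settings
    else:
        settings = registry.settings
    # NOTE(review): ``settings`` is not read below. The lookup is kept so a
    # request/registry without settings still fails here, as it did before.

    # The operator account depends on which site this server runs.
    site = os.environ.get('INI_site__title', '').lower()
    if site == 'opendesk':
        username = u'opendesk_operator'
    elif site == 'fabhub':
        username = u'fabhub_operator'
    else:
        # Fail closed: never fall back to a default recipient account.
        raise Exception('Operator user not configured.')

    return get_existing_user(username=username)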
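def get_operator_user(request, registry=None):
    """Look up the operator user, the recipient of site/administration mail.

    The username is derived from the ``INI_site__title`` environment
    variable (case-insensitive): ``opendesk`` and ``fabhub`` each map to
    their own operator account.

    Args:
        request: Source of ``request.registry.settings`` when ``registry``
            is not supplied.
        registry: Optional registry to read ``settings`` from instead.

    Returns:
        The result of ``get_existing_user`` for the operator username.

    Raises:
        Exception: If no operator is configured for the current site title.
    """
    # ``is None`` rather than ``== None``: equality can be overridden by the
    # registry class, identity cannot.
    if registry is None:
        # Unpack from the request.
        settings = request.registry.settings
    else:
        settings = registry.settings
    # NOTE(review): ``settings`` is unused in the rest of the function; it is
    # still read so that an argument lacking it raises here as before.

    # Normalise once, then pick the per-site operator account.
    server = os.environ.get('INI_site__title', '').lower()
    if server == 'opendesk':
        username = u'opendesk_operator'
    elif server == 'fabhub':
        username = u'fabhub_operator'
    else:
        # Unknown or missing site title: refuse instead of guessing.
        raise Exception('Operator user not configured.')

    return get_existing_user(username=username)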